Kaspersky CEO Wants End To Online Anonymity 537
Andorin writes "Eugene Kaspersky, CEO of well-known computer security company Kaspersky Labs, is calling for an end to the anonymity of the Internet, and for the creation of mandatory 'Internet passports' for anyone who wishes to browse the Web. Says Kaspersky, 'Everyone should and must have an identification, or internet passport ... the internet was designed not for public use, but for American scientists and the US military. Then it was introduced to the public, and it was wrong ... to introduce it in the same way.' He calls anonymity 'the Internet's biggest security vulnerability' and thinks any country that doesn't follow this regime should be 'cut off.' The EFF objects, and it's likely that they won't be the only ones."
too late (Score:5, Interesting)
He may be correct that the internet shouldn't have been opened up like it was. I've been online long enough to remember when you could assume (perhaps wishfully) that nearly anyone obviously misbehaving badly on it could be identified with a couple e-mails or phone calls to the right sysadmins, and the notion of banning a user or cutting off a rogue node was plausible. I kind of miss the relative safety and decorum of that internet. But the ship of general unrestricted access set sail a couple decades ago, and that horse has long since left the barn. If you want an internet with the kind of accountability that Kaspersky is taking about... it can't be the internet that everyone's already hooked up to. That bell can't be unrung... and if you need any more metaphors for this, I can supply them. :)
As you might expect (Score:4, Interesting)
Security expert wants a more secure system. Freedom experts want a free system. Unsurprisingly these two views clash - because they are designing things for different use cases.
Re:If he doesn't like anonymity... (Score:3, Interesting)
Maybe he should move to Korea (Score:1, Interesting)
Of course he'd have to live there for 15 or so years before they give him a useful Resident Registration Number (the foreigner/non-citizen ones aren't accepted by everyone), but then he can enjoy the Korean internet where there is no anonymity and everyone uses their Resident Registration Number to identify themselves on every big popular web site.
Screw the honest guy, Make rich the bad guy! (Score:3, Interesting)
Great the honest guy who goes through the process of being a legit passported internet user is going to get screwed as everything he does skimmed by 20 people for cash.
The bad guy on the other hand with 5k forged identities makes out like a bandit.
Anonymity is the only thing that makes the internet work.
Re:If he doesn't like anonymity... (Score:5, Interesting)
This isn't pure rhetoric and sarcasm, whether the author meant it that way or not.
Credential Grab: I'm a doctoral candidate, and this is in my area of research.
The right solution, without considering feasibility, is that traffic may be anonymous, but that receivers should be able to refuse to receive anonymous traffic, and should also be able to refuse to grant resources (such as incoming network capacity) to that traffic. The current Internet architecture doesn't make this technically feasible, as the sender is generally in control of your inbound network capacity. There's a research push toward architectures that remove this limitation, such as the Internet Indirection Infrastructure [berkeley.edu] (i3). (Not one of my favorites, but it illustrates the point.)
My personal goal is that we develop an internet architecture which allows for provisioned virtual network links on shared physical infrastructure. Then Kaspersky (and anyone who agrees with him) really can have an isolated network, carried on the same physical infrastructure, while those who think anonymity is an important goal can have their own isolated network, sharing hardware but with neither able to impact the other. Network overlays can do all of this right now except for the provisioned links, and MPLS and similar technologies could already enable provisioning if they were widely adopted and deployed.
(My own research is into high-speed overlay hosting platforms.)
You're welcome to create your own network (Score:3, Interesting)
Eugene, you're welcome to create your own network with controlled access and tight protocol control. It will fail horribly, but you're welcome to try.
There were dozens of network in the '80s, competing with the Internet. The Internet won because it was open. If the Internet hadn't been open, something else that *was* would have won instead.
DARPA Packet Attribution Project (Score:1, Interesting)
Just a heads up:
https://www.fbo.gov/index?s=opportunity&mode=form&id=c672eaa4e4033419f46d07837fcdbe79&tab=core&_cview=0
And yes, it will be commercialized.
Re:"Papers Please" (Score:5, Interesting)
Eliminate anonymity, and then sell products that mostly, but far from perfectly, protect against abuses of that information.
One of the other technicians where I work recently used a computer with Kaspersky on it. I watched their scanner merrily let spyware through while actively stopping some of the techniques and programs we use to get rid of spyware. Delete an infected registry key? "Kaspersky has stopped a change to your registry!" Unregister a spyware-installed DLL? "Kaspersky has stopped a change to your critical system files!"
In light of this, I suggest changing "sell products that mostly, but far from perfectly, protect against abuses of that information" that to "sell products that appear to, but don't, protect against abuses of that information".
Re:Where you do you com from, where do you go .. (Score:1, Interesting)
In a lot of cases, when a breach occours, when you go to the link on the chain, what you likely will get is a perfect identifiable host that you know where it is physically, who owns it, and all that... but it was compromised and being used as a base for attacks. So, lack of anonyminity gives me zero recourse whatsoever, except perhaps legal and criminal action against the compromised machine's owner for not keeping their security up to date (which can easily be deflected in courts should they turn up any type of "due diligence" type of defense.)
Tor or anonymizing proxies are the least of my worries. At the extreme, I can subscribe to a blacklist (both name and IP ranges) and have my router drop any packets coming from those sites. What comes knocking on my doors attack wise are compromised home computers and the occasional machine on a corporate or educational network. In those cases, anonymity doesn't help a bit.
Of course, should the intrusion succeed, the first thing the blackhat (I'm meaning a true blackhat here, not just frontline script kiddies) will be doing is gunning after the system logs (either by editing, or just outright zeroing them out.)
Conclusion: Loss of anonymity won't protect businesses against anything. Instead, good security principles and solid use of available tools will go a long way in this regard.
Posting anonymously because I feel like it.
Re:"Papers Please" (Score:4, Interesting)
But your freedom is defined by your government. If your government thinks you should not have the right to free speech, then it has no problems making it prohibited by law.
Indded! I just moved from South Korea, and my last few months there were made difficult by its new Internet ID requirements [koreatimes.co.kr]. Suddenly, I couldn't comment on [koreaittimes.com] (or sometimes simply log into) many large websites. Foreigners living in Korea are not able to log into or comment on Korean sites at all, though ironically, ethnic Koreans living overseas are able to register for an ID number [koreatimes.co.kr].
This has a real chilling effect on speech [koreabeat.com] (and I'm not talking about anonymous trolls). There is no way for a well-meaning whistle blower to escape the reach of Korea's oligopoly and political in-fighting.
Even sadder is that the whole system is strongly tied to IE and ActiveX (just like the banking). Sigh. I'm happy to be out of that situation. If the rest of the countries of the world adopt similar systems, we'll see the Balkanization of Internet. That shattering of communication (and a non-neutral Internet) may be inevitable.
When anonymity is outlawed... (Score:3, Interesting)
When anonymity is outlawed... Anonymous will be outlaws.
Seriously though, does he actually think that the criminals, fraudsters, libelers, and the worst of the worst, the copyright breakers will not find a way to get around his passport system? Assuming every country in the world would even go for this, the best they could do is find a way to sue everyone who says a bad word about Kaspersky or his clients.
Re:"Papers Please" (Score:3, Interesting)
Re:If he doesn't like anonymity... (Score:4, Interesting)
You are the receiver. Your ISP is a carrier. You elect to connect to private networks, who may charge subscription fees of you. For use of the ISP's network, those same private network owners may pay for their provisioned capacity.
This is possible, sure. Just as, today, the same lobbying group could attempt to force the government to mandate that your ISP sniff your every packet to detect that you're pirating Steamboat Willie. However, bear in mind that the goal is to add an economic incentive to the ISP to fight restrictions. The ISP wants to sell services to as many private network providers as possible because they are being paid for the reserved capacity. When the copyright cartel meets the ISP lobby in Congress, there's at least a chance that things could improve. As it stands, the only ISP incentive to fight it is the cost of the monitoring equipment, and I'm sure the copyright cartel would be thrilled to provide it to them, along with their own custom software....
Either I have not explained things adequately or you have misunderstood. The goal is to enable disruptive, innovative network technologies which cannot currently be deployed because they might conflict with the existing technologies. (For a particularly disruptive example, look at Decongestion Control [PDF [ucsd.edu]].) There's no desire to block existing technologies, and I'd fully expect the existing Internet to continue alongside the new networks. Retaining the existing Internet is a primary goal of the research thrust, and I'd reject as unworkable any new architecture that didn't enable it.
Really, the most undesirable thing about the model is that it enables a lot more nickel-and-diming from the ISPs and the network providers. You might pay a base fee for ISP connectivity, followed by an additional fee for access to the base Internet, then you pay a fee to connect to the SpamFreeEmailNetwork, and so forth ad nauseum. But at least you only need to pay for the services you use, and I could see package deals (analogous to cable channel bundles) becoming a selling point, too.
Re:If he doesn't like anonymity... (Score:1, Interesting)
That is the key right there. Yes, someone who had the legal and financial means *could* find out who it is. However, in reality, if someone wanted to find real info about a slashdot user, they would have to get it from Slashdot, then hit the SSL VPN provider [1][2] (if one is in use) to try to match packets from the real IP. Finally, the IP that they get after twisting the arm of any intermediaries will have to be matched with the real life info. This can be hard, as the /. user could be on a laptop at a brewpub that uses a random MAC, with 30 other people hammering away on the Wi-Fi connection with various devices at the same time.
Not to say it can be done. If the civil/criminal violation is substantial enough, there are ways to yank the mask off without needing to hop from rabbit hole to rabbit hole, especially if someone paid money via a credit card and is a paid subscriber of a service. However, backtracing someone willy nilly can get tough.
I like it as it is... People can be traced, but it isn't so easy that a stalker can have a field day by demanding requests from someone about every move they make from Google without a court order.
[1]: I'm sure all "anonymous" services won't be anonymous should Interpol come by for a cup of tea. No service who is offering anonymity wants to be the endpoint responsible for the traffic going through them, so I'm sure they will keep logs at least for a few days to a week for both tracing down attacks, as well as CYA reasons.
[2]: There are perfectly legit reasons to use a SSL VPN provider. I've seen some people use them so the address space that is allowed to connect to a corporate or organizational network can be reduced to just what the VPN host uses, and anyone else trying to connect will be denied at the router level. Of course, there is the fact that some wireless networks are set up just to sniff or even modify traffic going across, so having that end unable to tamper with the outgoing Internet traffic is a plus.
Re:If he doesn't like anonymity... (Score:3, Interesting)
Re:"Papers Please" (Score:2, Interesting)
...name tattooed on their forehead....
something like that is prophesied in the book of Revelation which was written almost 20 centuries ago.
Rev13:16 And he forces all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads:
What, no part time psychoanalysts? (Score:5, Interesting)
Kaspersky. See the name? He's a Slovak - I would say Polish, but Slovak for sure. He lives in Russia. He's no young puppy. The man grew up under the old Soviet. His values are not the values of the western world. I don't mean to be judgemental, per se, but I recognize that he ain't like me.
While most of us in the western world tend to deny it, there is comfort to be had inside of a totalitarian regime. You know your place, you know everyone else's place, you do your job and keep your nose to yourself, and everyone gets along. It's easy to sell to the masses, and Joe Sixpack manages alright unless and until some silly sumbitch decides to sacrifice Joe for the "good of the party".
So, Mr. Kaspersky has a touch of nostalgia for the good things from the Soviet, and forgets about the bad things. People tend to do that. Right here in the US, we have all kinds of people who remember the '50's (or whichever decade they were teenagers in) as Utopia. Life was simpler then - mostly because they were kids with no responsibilities.
For that matter, I can probably find a few million people right here in the US why would fall right in line with Mr. Kaspersky's ideas, because it just makes sense. No one needs to be anonymous, unless they are up to no good. Hell, with my own relatively open mind, I think kids are goofy for wearing hoodies. Why cover your face, and try to hide your features, if you're not ashamed of what you are doing? But, I don't make a big deal of the hoodies, because I know the cops aren't always right, or even always honest.
Yeah, I could easily find several million people in the US who will agree with Mr. Kasperski. Some kind of a psychological analysis would be nice to look at. Or, the conclusions drawn by the psych people, anyway.
Any takers?
Re:If he doesn't like anonymity... (Score:3, Interesting)
Perhaps I'm a little slow here, but I thought I'd addressed his concern: today's existing Internet doesn't go away. It exists in parallel with other (private) networks. You cannot make the situation inherently less anonymous by adding more options, as one can always eschew all other options to stick with the existing Internet. If the existing Internet doesn't change, then mathematically, anonymity is non-decreasing.
Is the concern that ISPs will stop providing access to the base Internet? Economically, that doesn't pass the laugh test. Any ISP that doesn't let you connect to the base Internet will be ridiculously uncompetitive. The only way this could happen is if a legislative solution is enforced. Picture the headline: "Congress votes to disconnect the USA from the Internet!"
One can argue that successful deployment of this sort of solution will change the existing Internet. For example, there is the potential to reduce the traffic load. E.g., if everybody migrates to a spam-free email network (which doesn't actually need an isolated network), the ROI on spam email will finally drop to the point where it largely ceases. With no SMTP traffic (legitimate or spam), it becomes a bit harder to hide your traffic in the background noise. It's even possible that eventually, years and years down the road, the existing Internet could become so undesirable to the typical consumer that people cease to subscribe. Then you might have a real concern, since oppressive regimes could assume that anyone still using it has something to hide. Personally, I doubt the existing Internet would ever come to that point without an equivalent replacement, although there's certainly a hint of "Laslo, I respect you but I graduated" to the discussion.
A larger concern is something you mentioned as a side point: ISPs and content providers are beginning to merge. A lot of the technical design is in place to provide incentives to entrepreneurs. But if an ISP decides to enter the market with a private network offering, they have an unfair competitive edge: they can use their own infrastructure at cost while charging outsiders a hefty fee. Fixing that detail probably takes a legislative solution. That's the sort of thing which really worries me, because it's hard to force a legislative solution against that sort of lobby.
Re:Anonymity IS a threat (Score:3, Interesting)
There is also the issue of the highly toxic environment that online anonymity brings.
Theres a cartoon with an equation:
Normal person + Audience + Anonymity = Fuckwad.
This was presented as a joke in the cartoon but it is the truth.
Anonymity in online forums and mmos, for example, is wholly responsible for the vitriol and bile that people spew all over these online places.
I don't think that what is required is to tie all of a persons online identities back to their street address, but for others on the internet to be able to connect all of their pseudo-anonymous identities to one another.
Re:If he doesn't like anonymity... (Score:1, Interesting)
2) Post from a laptop you bought at a garage sale, having left your cell phone elsewhere.
Presto, true anon posting.
Nice try, dumbass.
Save the IEEE MAC address/organisation list from http://standards.ieee.org/regauth/oui/oui.txt [ieee.org], generate a fake MAC address with the 1 liner below, and there's no need to buy a 2nd hand laptop: /dev/null | md5sum | sed 's/\(..\)/:\1/g' | cut -b1-9`
echo `cat oui.txt | grep \(base\ 16\) | sed 's/\(..\)/:\1/g' | cut -b2-9 | shuf | tail -1``dd if=/dev/urandom bs=$RANDOM count=1 2>
Can probably be tidied up, but will generate a valid, but fake, MAC.
This is great BTW, but if I try and change the MAC of my WLAN adapter with ifconfig the wireless stops working. Not looked into it much though..... it might work with ath5k, but didn't with ath_pci when I tried it.
Re:incentives (Score:3, Interesting)
Next, some genius will get the bright idea to bring biometrics to the Internet Passport, surely *that* will stop The Bad Guys. At that point, spammers have an incentive to kill you and cut off your hand, which they'll attach to a little machine to keep it at the right temperature and perspiration level, so they can send V1@gra spam.
You know, the first thing I thought of when reading your post was the "Thumb Thieves" from Back to the Future 2. The "Thumb Thieves" were one of the articles in the USA Today from the future.
Re:"Papers Please" (Score:2, Interesting)
Let's see, WTC 7 comes down in a manner that looks for all the world like a controlled demolition and the "scientists" investigating the event don't bother to look for explosives? And I'm supposed to accept the official government line that 19 Arabs, some of whom are still alive and flying for Saudi Airlines, really did it? At this point, how many years into the Iraq Oil War, anybody who takes any of this nonsense seriously just isn't paying attention. So what are these characters at NIST? Are they idiots? Incompetents? Accomplices after the fact? Just scared shitless that they're going to be murdered if they do a real investigation? This whole case stinks so bad, I would have to see some hard evidence that anyone on any of those four airplanes had ever even looked a photograph of Saudi Arabia. If there was any hard evidence, they would have tripped over themselves to show it to us already. There is none.
Kaspersky CEO wants more money (Score:3, Interesting)
The real meat of the matter here is this Kaspersky guy's business is kind of in the dumps. He's being eaten alive by AVG and Clam, so a bit of trolling gets his name around the e-rags and a few people go "WOW they're still around ? ZOMG I'll try their A/V again".
If Kaspersky "ends online anonymity", they will end their revenue stream. It would seem logical that a company thriving off the constant threat of malware, would not want to see that malware willed away via draconian ID mandates and exclusionary tactics. Then we'll all know the Kaspersky guys were the ones writing viruses all along...